The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

computer vulnerability bulletin CVE-2005-4505

McAfee VirusScan: program execution by naPrdMgr.exe

Synthesis of the vulnerability

An attacker can store a program on system, in order to make it run by naPrdMgr.exe.
Vulnerable products: CheckPoint SecureClient, CheckPoint SecuRemote, VPN-1, Kaspersky AV, VirusScan, Windows 2000, Windows NT.
Severity of this weakness: 1/4.
Consequences of an attack: administrator access/rights.
Hacker's origin: user shell.
Creation date: 23/12/2005.
Références of this bulletin: BID-16040, CVE-2005-4505, VIGILANCE-VUL-5448.

Description of the vulnerability

The naPrdMgr.exe program periodically runs, with Local System rights:
  C:\Program Files\Network Associates\VirusScan\EntVUtil.EXE

However, this path is not enclosed between quotes. When permissions permit it, an attacker can thus create a program with a short name:
  C:\Program.exe
  C:\Program Files\Network.exe

This program is then run with system rights.
Full Vigil@nce bulletin... (Free trial)

Computer vulnerabilities tracking service

Vigil@nce provides a computers vulnerabilities patch. The technology watch team tracks security threats targeting the computer system. The Vigil@nce security watch publishes vulnerability bulletins about threats impacting the information system. The Vigil@nce team tracks computer vulnerabilities impacting systems and applications.